**Deadline:** Wednesday, 02/24/16, 11:59 pm
*This assignment may be done as individuals or with one partner.
Teams of size three or greater are not permitted. If you do use
a partner, you might try the following strategy: one of you drafts
an answer to problem 1, the other drafts an answer to problem 2, then
you meet to critique and improve each other's answers.*
### Problem 1
First, **perform a threat analysis and harm analysis** on the following system.
In doing so, you should answer these questions:
1. What are the assets of the system?
2. What are the threats of concern? What are their motivations and capabilities?
Are there any threats that are excluded?
3. For each asset, and for each aspect of security (confidentiality, integrity,
availability), what are the possible harms that could occur?
Second, **write security goals** for the system based on your analysis.
If any goals are infeasible, identify ways to relax the goals.
**Email System.** *Users log in by directing their web browser to a
prespecified URL and then entering both an identifier (i.e., a user name)
and a password. This starts a session that is associated with the
specified identity. The system displays in a preview frame a list
of email messages. For each message, the name of the sender and the
subject of the message are displayed. During a session, a user can
view the body of a message, reply to or delete a message, compose
a new message, and log out, which ends the session.*
Note that the functional requirements sketched above deliberately
leave many details of the system ambiguous. Where necessary, feel
free to resolve those details in your answer, but also clearly state
any additional assumptions you make.
### Problem 2
Repeat what you did in Problem 1, but for the following system:
**Smart Meter System.** *Users have an electricity meter installed
outside their house. The meter is connected to a WiFi home area network
(HAN), as are major appliances inside the house; assume that the HAN is
not bridged to the public Internet. The meter is also connected to a
cellular (e.g., GSM) wide area network (WAN), which enables
communication with the electrical utility company. The meter reports to
the utility company the amount of electricity used each hour. The
utility company can send hints to the meter to conserve energy, which
the meter relays to appliances on the HAN; some appliances might choose
to enter lower-power modes when they receive such a message.*
### Problem 3
Follow these instructions to familiarize yourself with FindBugs:
* Download and unzip [Findbugs 3.0.1](http://findbugs.sourceforge.net/downloads.html).
Also download `gradesystem.zip` from CMS. This is part of the source code of a
course project from a previous semester. Please do not redistribute this code.
* Launch the FindBugs GUI by running `FBROOT/bin/fb gui`, where `FBROOT` is the directory
in which you unzipped the file in step 1.
* In the FindBugs GUI, choose File->New Project. Give the project a name of your choice.
Add to the "Classpath for Analysis" the gradesystem.zip file you downloaded in the
previous part of the lab. Add to "Source Directories" the same gradesystem.zip file.
Run the analysis.
* Use the View menu to view only Scary bugs. Then only the Scariest bugs. Then All.
* Experiment with viewing bugs in different ways using the "Group Bugs By" interface.
Drag-and-drop the different bug attributes ("Bug Kind", "Category", etc.) to see how
bugs can be sorted in various ways.
Then write answers to the following questions:
1. How many bugs of Troubling or worse rank exist in the Security category?
2. Examine the rank 12 bug "read of unwritten field logDisplay in
Client_Second.connectClient" in the Correctness category.
What is the potential problem that results from this bug?
Did the analysis miss an initialization of this field?
Or did the programmer fail to initialize it? How should this bug be fixed?
3. Examine any of the security bugs identified by the analysis in ConnectionClass.java.
What is the potential problem that results from this bug? *Hint: read about
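To make the "read of unwritten field" bug class in question 2 concrete, here is an added, hypothetical reconstruction of the pattern FindBugs reports as UWF_UNWRITTEN_FIELD; it is not the `gradesystem.zip` code, and it assumes `logDisplay` is an object reference (modelled here as a list) that no code path ever assigns.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical illustration of the bug pattern; not the course project's code.
public class UnwrittenFieldDemo {

    // Buggy shape: the field is declared but nothing in the class ever assigns it,
    // so every read sees the default value null.
    static class ClientBuggy {
        private List<String> logDisplay;   // never written -> always null

        void connectClient(String host) {
            // FindBugs flags this dereference: the field cannot be non-null here.
            // At run time it throws NullPointerException, i.e. the client crashes
            // on every connection attempt (an availability problem, not a silent one).
            logDisplay.add("connecting to " + host);
        }
    }

    // Fixed shape: initialize the field before any read (here at declaration,
    // marked final so it can never regress to null).
    static class ClientFixed {
        private final List<String> logDisplay = new ArrayList<>();

        void connectClient(String host) {
            logDisplay.add("connecting to " + host);
        }

        List<String> log() {
            return logDisplay;
        }
    }

    public static void main(String[] args) {
        try {
            new ClientBuggy().connectClient("example.invalid");
        } catch (NullPointerException e) {
            System.out.println("buggy client: NullPointerException on unwritten field");
        }
        ClientFixed fixed = new ClientFixed();
        fixed.connectClient("example.invalid");
        System.out.println("fixed client log: " + fixed.log());
    }
}
```

Whether the real fix belongs at the declaration, in the constructor, or in an initialization method the analysis could not see is exactly what question 2 asks you to decide from the actual source.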
If you work with a partner, first form a group on CMS; submit as that group,
rather than submitting the same solution independently.
Submit a single PDF to [CMS][cms].
Use 10 point or larger type.
Be succinct; it's unlikely you will need to write more than a page or two per problem.
You will be evaluated on the quality of your solutions and on your
adherence to the submission stipulations above. We'll use the following
criteria in evaluating quality:
- *Validity:* do you present a logical, lucid, coherent, clearly
focused, well structured, and appropriately detailed argument?
- *Consistency:* do you employ concepts, principles, and terminology
as they are used in this course?
- *Evidence:* do you adequately support your conclusions?
- *Writing:* do you use proper mechanics, grammar, and style?